Hello,
syzbot found the following issue on:
HEAD commit: a24588245776 Merge tag 'linux_kselftest-kunit-6.15-rc2' of..
git tree: upstream
console output: https://syzkaller.appspot.com/x/log.txt?x=12b52c04580000
kernel config: https://syzkaller.appspot.com/x/.config?x=a84f9483dff14ac4
dashboard link: https://syzkaller.appspot.com/bug?extid=b8f5619e254504ea69c3
compiler: Debian clang version 15.0.6, GNU ld (GNU Binutils for Debian) 2.40
CC: [b...@alien8.de dave....@linux.intel.com h...@zytor.com jpoi...@kernel.org linux-...@vger.kernel.org mi...@redhat.com pet...@infradead.org tg...@linutronix.de x...@kernel.org]
Unfortunately, I don't have any reproducer for this issue yet.
Downloadable assets:
disk image: https://storage.googleapis.com/syzbot-assets/175e4474397e/disk-a2458824.raw.xz
vmlinux: https://storage.googleapis.com/syzbot-assets/be128e72614d/vmlinux-a2458824.xz
kernel image: https://storage.googleapis.com/syzbot-assets/631395270254/bzImage-a2458824.xz
IMPORTANT: if you fix the issue, please add the following tag to the commit:
Reported-by: syzbot+b8f561...@syzkaller.appspotmail.com
==================================================================
BUG: KCSAN: data-race in data_push_tail / hex_string
write to 0xffffffff88e643f8 of 1 bytes by task 9969 on cpu 0:
hex_string+0x2d2/0x330 lib/vsprintf.c:1214
pointer+0x300/0xcf0 lib/vsprintf.c:2446
vsnprintf+0x48f/0x8a0 lib/vsprintf.c:2856
vscnprintf+0x42/0x90 lib/vsprintf.c:2917
printk_sprint+0x30/0x2d0 kernel/printk/printk.c:2216
vprintk_store+0x583/0x860 kernel/printk/printk.c:2336
vprintk_emit+0x1a0/0x6c0 kernel/printk/printk.c:2426
vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x7f/0xb0 kernel/printk/printk.c:2475
show_opcodes+0x100/0x120 arch/x86/kernel/dumpstack.c:123
show_ip arch/x86/kernel/dumpstack.c:144 [inline]
show_iret_regs+0x32/0x60 arch/x86/kernel/dumpstack.c:149
__show_regs+0x2b/0x450 arch/x86/kernel/process_64.c:76
show_trace_log_lvl+0x2c1/0x3d0 arch/x86/kernel/dumpstack.c:300
__dump_stack lib/dump_stack.c:94 [inline]
dump_stack_lvl+0xf6/0x150 lib/dump_stack.c:120
dump_stack+0x15/0x1a lib/dump_stack.c:129
fail_dump lib/fault-inject.c:73 [inline]
should_fail_ex+0x261/0x270 lib/fault-inject.c:174
should_failslab+0x8f/0xb0 mm/failslab.c:46
slab_pre_alloc_hook mm/slub.c:4104 [inline]
slab_alloc_node mm/slub.c:4180 [inline]
__do_kmalloc_node mm/slub.c:4330 [inline]
__kmalloc_node_track_caller_noprof+0xaa/0x410 mm/slub.c:4350
kmemdup_noprof+0x2b/0x70 mm/util.c:137
_Z14kmemdup_noprofPKvU25pass_dynamic_object_size0mj include/linux/fortify-string.h:765 [inline]
sidtab_sid2str_get+0xb8/0x140 security/selinux/ss/sidtab.c:625
sidtab_entry_to_string security/selinux/ss/services.c:1296 [inline]
security_sid_to_context_core+0x1eb/0x2f0 security/selinux/ss/services.c:1399
security_sid_to_context+0x27/0x30 security/selinux/ss/services.c:1420
selinux_secid_to_secctx security/selinux/hooks.c:6695 [inline]
selinux_lsmprop_to_secctx+0x6c/0xf0 security/selinux/hooks.c:6709
security_lsmprop_to_secctx+0x40/0x80 security/security.c:4343
audit_log_task_context+0x7a/0x180 kernel/audit.c:2190
audit_log_task+0xfb/0x250 kernel/auditsc.c:2954
audit_seccomp+0x68/0x130 kernel/auditsc.c:3004
seccomp_log kernel/seccomp.c:1033 [inline]
__seccomp_filter+0x694/0x10e0 kernel/seccomp.c:1328
__secure_computing+0x7e/0x160 kernel/seccomp.c:1388
syscall_trace_enter+0xcf/0x1f0 kernel/entry/common.c:52
syscall_enter_from_user_mode_work include/linux/entry-common.h:169 [inline]
syscall_enter_from_user_mode include/linux/entry-common.h:199 [inline]
do_syscall_64+0xaa/0x1c0 arch/x86/entry/syscall_64.c:90
entry_SYSCALL_64_after_hwframe+0x77/0x7f
read to 0xffffffff88e643f8 of 8 bytes by task 9972 on cpu 1:
data_make_reusable kernel/printk/printk_ringbuffer.c:594 [inline]
data_push_tail+0x107/0x440 kernel/printk/printk_ringbuffer.c:679
data_alloc+0xbd/0x2c0 kernel/printk/printk_ringbuffer.c:1054
prb_reserve+0x86a/0xb80 kernel/printk/printk_ringbuffer.c:1669
vprintk_store+0x552/0x860 kernel/printk/printk.c:2326
vprintk_emit+0x1a0/0x6c0 kernel/printk/printk.c:2426
vprintk_default+0x26/0x30 kernel/printk/printk.c:2465
vprintk+0x1d/0x30 kernel/printk/printk_safe.c:82
_printk+0x7f/0xb0 kernel/printk/printk.c:2475
__netdev_printk+0x2d1/0x3e0 net/core/dev.c:12409
netdev_info+0x9e/0xd0 net/core/dev.c:12456
netif_set_allmulti+0x15f/0x250 net/core/dev.c:9252
__dev_change_flags+0x32b/0x410 net/core/dev.c:9395
rtnl_configure_link net/core/rtnetlink.c:3588 [inline]
rtnl_newlink_create+0x36a/0x640 net/core/rtnetlink.c:3843
__rtnl_newlink net/core/rtnetlink.c:3950 [inline]
rtnl_newlink+0xf38/0x12d0 net/core/rtnetlink.c:4065
rtnetlink_rcv_msg+0x65a/0x740 net/core/rtnetlink.c:6955
netlink_rcv_skb+0x12f/0x230 net/netlink/af_netlink.c:2534
rtnetlink_rcv+0x1c/0x30 net/core/rtnetlink.c:6982
netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
netlink_unicast+0x605/0x6c0 net/netlink/af_netlink.c:1339
netlink_sendmsg+0x609/0x720 net/netlink/af_netlink.c:1883
sock_sendmsg_nosec net/socket.c:712 [inline]
__sock_sendmsg+0x140/0x180 net/socket.c:727
____sys_sendmsg+0x350/0x4e0 net/socket.c:2566
___sys_sendmsg net/socket.c:2620 [inline]
__sys_sendmsg+0x1a0/0x240 net/socket.c:2652
__do_sys_sendmsg net/socket.c:2657 [inline]
__se_sys_sendmsg net/socket.c:2655 [inline]
__x64_sys_sendmsg+0x46/0x50 net/socket.c:2655
x64_sys_call+0x26f3/0x2e10 arch/x86/include/generated/asm/syscalls_64.h:47
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0xc9/0x1c0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x77/0x7f
value changed: 0x00000000ffffe8f5 -> 0x3620336320666620
Reported by Kernel Concurrency Sanitizer on:
CPU: 1 UID: 0 PID: 9972 Comm: syz.0.1845 Not tainted 6.15.0-rc1-syzkaller-00060-ga24588245776 #0 PREEMPT(voluntary)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
==================================================================
---
This report is generated by a bot. It may contain errors.
See https://goo.gl/tpsmEJ for more information about syzbot.
syzbot engineers can be reached at syzk...@googlegroups.com.
syzbot will keep track of this issue. See:
https://goo.gl/tpsmEJ#status for how to communicate with syzbot.
If the report is already addressed, let syzbot know by replying with:
#syz fix: exact-commit-title
If you want to overwrite report's subsystems, reply with:
#syz set subsystems: new-subsystem
(See the list of subsystem names on the web dashboard)
If the report is a duplicate of another one, reply with:
#syz dup: exact-subject-of-another-report
If you want to undo deduplication, reply with:
#syz undup